The trick to detecting promiscuous mode
NIC cards on a
network is sending an invalid
MAC address in a
packet across the wire. Under normal mode, cards reject such packets. Under promiscuous mode, they
absorb it. This is the downfall of
packet sniffers anywhere, because most (if not all) cards cannot be selective in their promiscuous mode.
The
security agency,
L0pht i think has released a
tool to help you detect
sniffers. I think it uses a
variant of this mentioned hardware level trick.